What is AWS KMS(Key Management Service)
- It manage your keys which is used to access your data.
KMS - Customer Master Key(CMK) Types
1) Symmetric(AES-256 keys)
- First offering of KMs, single encryption key used to decrypt and encrypt.
- AWS services that are integrated with KSM use symmetric CMK’s
- You never get access to the Key unencrypted
2)Asymmetric(RSA & ECC key pairs)
- Public(Encrypt) and private(decrypt) pair
- Used for Encryption/Decryption or Sign/Verify operations
- Use case: encryption outside of AWS by users who can not call KSM API
SSM Parameter Store
P270
- Secure storage for configuration and secrets
AWS Secret manager
- Newer service, meant for storing secrets
- Capability to force rotation of secrets every X days
- Automate generation of secrets on rotation
- Integration with Amazon RDS(MySsql, PostgreSQL,Auroro)
- Secret are encrypted uisng KSM
AWS Shield
- AWS Shield Standard is for free.
- Its a service which protect you agains DDOS attack.
AWS WAF (Web Application Firewall)
- Protects your web application from common web exploits(Layer 7)
- Deploy on Allication LoadBlaancer, API Gateway, CloudFront
- Define Web ACL(Web Access Control List)
- Rules can include:IP Address, HTTP headers
- Protects from common attack - SQL Injection and Cross Site Scripting
- Size contraints, geo match
- Rate based rules for DDos protection
What is Amazon GuardDuty?
- Intelligent Threat discovery to Protect AWS accounts.
- Uses Machine Learning algorithms,anomaly detection, 3rd party data
- Can protect against CryptoCurrenct attacks
What is Amazon Inspector?
- Automated Security assessments for EC2 intsances and Containers pushed to Amazon ECR
What is Amazon Macie?
It is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS.
-
Section3: Getting started with AWS4
-
Section4: IAM & AWS CLI11
-
Notes1
-
Section 5: EC2 Fundamentals9
-
Section6: EC28
-
Section7: EC2 Instance Storage8
-
Section8: High Availability and scaling7
-
Section9: AWS Fundamentals:RDS + Aurora + ElastiCache10
-
Section10: Route 535
-
Section 12: Amazon S3 Introduction4
-
Section13: AWS SDK,IAM Roles & Policies1
-
Section 14: Advance Amazon S3 & Athena5
-
Section 15: CloudFront & AWS Global Accelerator4
-
Section 16: AWS Storage Extras15
-
Section 17: Decoupling applications:SQS,SNS,Kinesis,Active MQ8
-
Section 18: Containers on AWS:ECS, Fargate , ECR & EKS5
-
Section 19: Serverles overviews from a Solution Arhitect perspective4
-
Section 20: Serverless Solution Architecture Discussion1
-
Section 21: Databases in AWS13
-
Section 23: Identity and Access Management(IAM)5
-
Section 24: AWS Security & Encryption9
-
Section 25: Networking - VPC21
-
Section 29:Disaster Recovery & migrations8
-
Section 30: More Solution Architectures11
-
Section 32: Whitepapers and architectures1
